Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Need help with PERL and cookies.

  • 26-07-2003 7:39pm
    #1
    Registered Users, Registered Users 2 Posts: 605 ✭✭✭


    Hi,
    I'm looking for some guides/tutorials to help me make something that will deal with cookies and user sessions in a PERL script.
    You know, to work around a forum system.
    Like being able to make a cookie, store an encrypted password and read it into the forum each time the page is executed. Hence you're always logged in, until the cookie is deleted.
    I'm a bit confused by this though.
    Because it wouldn't make sense to have the password encrypted locally would it? But then it also seems unsafe to an extent.

    Anyway, as you can see I'm not too familiar with the whole concept so some advice would be greatly appreciated too! :D

    Cheers
    - Tim


Comments

  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    Why don't you download one of the existing Perl forums and look at the source?


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Yep, it makes sense to have the password encrypted locally.

    Now, I'm a little drunk, but afaik, PHP takes some bits from Perl. Anyway, the way boards.ie works - a cookie stores your username and your password, encrypted md5.

    When you sign up for vBulletin, it takes your password, encrypts it md5, and stores that value in the database- it never stores your actual password.. This leaves security in the hands of the connection - the last fortress.

    So when you request a page, the script looks at the cookie, takes the md5 value and compares it to that in the DB. Same for logging on.

    A user session is a little different, if a little more secure (striclty IMO). It only stores all data until the user closes their browser(or passes on the URL)

    If you don't understand, I"ll try clarify when I'm sober :D


  • Registered Users, Registered Users 2 Posts: 605 ✭✭✭exiztone


    Originally posted by seamus

    So when you request a page, the script looks at the cookie, takes the md5 value and compares it to that in the DB. Same for logging on.


    So the password stored in the cookie, is encrypted the same as the password stored in the database?
    Isn't that a bit of security risk in the sense that you do enough of those and you could work out their encryption technique?


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by exiztone
    So the password stored in the cookie, is encrypted the same as the password stored in the database?
    Isn't that a bit of security risk in the sense that you do enough of those and you could work out their encryption technique?

    No, md5 is one-way, in theory. Afaik, it's the same encryption as used in a basic Linux login.

    Forums are never expected to be über safe tho, but you do the best you can. :)

    PHP had a function
    md5("string")
    

    Which md5 encrypts any string, but I'm not sure if Perl has something similar. PHP was written for such applications

    :)


  • Closed Accounts Posts: 304 ✭✭Zaltais


    Haven't really read the full extent of the responses to your post, (it's late and I'm too lazy right now), so sorry if someone's covered some of this already.

    The two modules you want are CGI::Cookie and CGI::Session

    CGI::Cookie is included in the standard distribution (as part pf the CGI module) but CGI::Session is not AFAIK.

    Take a look on CPAN for documentation for these two modules.

    Basically what you want to do (IMO) is to have a user login / password database. When a user logs in successfully issue them with a session ID, then store the session ID in a cookie. When a user hits a page you can simply read the session from the paramaters passed in the url, or from the cookie if no session ID is passed in the URL.

    Naturally if you want a user to be persistiently logged in then you simply need to set the expiration date on the session (and by reference it's corresponding cookie) 6 months or a year from it's last activity date.

    <edit>If you wanna go down the MD5 route see CPAN for the Digest::MD5 module</edit>


  • Advertisement
Advertisement